registry  /  nduka  /  1.0.5

nduka@1.0.5

WhatsApp AI Gateway

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. Runtime networking is package-aligned for configured LLM, transcription, and explicitly configured connector/tool services.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Explicit `nduka` CLI start/worker commands or WhatsApp gateway runtime
Impact
Processes user messages and configured media through user-selected service integrations; no stealth persistence or credential exfiltration path found.
Mechanism
WhatsApp bot gateway with configured LLM, OCR, and connector requests
Rationale
Direct inspection shows an application-oriented WhatsApp AI gateway with explicit runtime commands and configured service calls, not install-time or stealth behavior. Scanner signals reflect normal provider/config/network functionality; no concrete malicious chain was found.
Evidence
package.jsondist/cli/index.jsdist/llm/ocr-registry.jsdist/llm/providers/http-ocr.jsdist/connectors/executor.jsdist/connectors/url-guard.jsdist/gateway/server.jsdist/gateway/bootstrap.jsdist/llm/providers/openai-compat.jsdist/connectors/dns-guard.jsconfig/llm.settings.jsonconfig/tools.chatbot.json

Decision evidence

public snapshot
AI called this Clean at 95.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • `package.json` has no preinstall/install/postinstall hooks.
    • `dist/cli/index.js` only spawns its packaged Node gateway after explicit CLI commands.
    • `dist/llm/ocr-registry.js` uses configured provider settings; no dynamic code loading occurs.
    • `dist/connectors/executor.js` restricts connectors to validated HTTPS allowlists and blocks redirects/private hosts.
    • No eval, vm, native-module loader, or foreign AI-agent config paths found in inspected `dist` files.
    • Writes target package runtime config, local `.env`, auth, data, and backups under the working directory.
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    Manifest
    GitDependency
    scanned 244 file(s), 1.16 MB of source, external domains: api.anthropic.com, api.groq.com, api.mrcnpin.com, api.openai.com, example.com, generativelanguage.googleapis.com, gulfnews.com, openrouter.ai

    Source & flagged code

    4 flagged · loading source
    dist/llm/ocr-registry.jsView file
    99} L100: require(task) { L101: const selected = this.select(task);
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/llm/ocr-registry.jsView on unpkg · L99
    dist/message-dedupe/engine.jsView file
    178} L179: // ─── Private ──────────────────────────────────────────────────────────── L180: buildDedupeKey(key) {
    Low
    Weak Crypto

    Package source references weak cryptographic algorithms.

    dist/message-dedupe/engine.jsView on unpkg · L178
    package.jsonView file
    dependencies changed=@whiskeysockets/baileys
    Critical
    Manifest Confusion

    Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.

    package.jsonView on unpkg
    dist/agent-tools/agent-tool-router.jsView file
    matchType = previous_version_dangerous_delta matchedPackage = nduka@1.0.4 matchedIdentity = npm:bmR1a2E:1.0.4 similarity = 0.933 summary = stored previous version shares package body but lacks this dangerous source file
    High
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

    dist/agent-tools/agent-tool-router.jsView on unpkg

    Findings

    1 Critical1 High4 Medium5 Low
    CriticalManifest Confusionpackage.json
    HighPrevious Version Dangerous Deltadist/agent-tools/agent-tool-router.js
    MediumDynamic Requiredist/llm/ocr-registry.js
    MediumNetwork
    MediumEnvironment Vars
    MediumGit Dependency
    LowScripts Present
    LowWeak Cryptodist/message-dedupe/engine.js
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings